Render 2fa recovery codes instead of downloading it

8ae712ae · Dmitriy Zaporozhets · Robert Speicher · 802fcd05 · 8ae712ae · 8ae712ae
Commit 8ae712ae authored Apr 02, 2015 by Dmitriy Zaporozhets Committed by Robert Speicher May 09, 2015
6 changed files
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -11,9 +11,10 @@ class Profiles::TwoFactorAuthsController < ApplicationController
  def create
    if current_user.valid_otp?(params[:pin_code])
      current_user.otp_required_for_login = true
+      @codes = current_user.generate_otp_backup_codes!
      current_user.save!

-      redirect_to profile_account_path
+      render 'create'
    else
      @error = 'Invalid pin code'
      @qr_code = build_qr_code
@@ -22,9 +23,8 @@ class Profiles::TwoFactorAuthsController < ApplicationController
  end

  def codes
-    codes = current_user.generate_otp_backup_codes!
+    @codes = current_user.generate_otp_backup_codes!
    current_user.save!
-    send_data codes.join("\n"), filename: 'gitlab_recovery_codes.txt'
  end

  def destroy

--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -35,14 +35,11 @@
        %div
          .pull-right
            = link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
-          %p.slead
-            %i.fa.fa-warning
-            Please
-            %strong #{link_to "download recovery codes", codes_profile_two_factor_auth_path}
-            so you can access your account if you lose your phone.
-            %br
-            %i.fa.fa-warning
-            Every time you download recovery codes - we generate the new codes. Previously downloaded codes won't work anymore.
+          %p
+            If you lost your recovery codes - you can
+            %strong
+              = link_to "generate new one", codes_profile_two_factor_auth_path, method: :post,
+                data: { confirm: 'After we generate new recovery codes - old codes will not be valid any more. Are you sure?' }

      - else
        %legend Two-Factor Authentication

--- a/app/views/profiles/two_factor_auths/_codes.html.haml
+++ b/app/views/profiles/two_factor_auths/_codes.html.haml
+%p.slead
+  Please save this recovery codes so you can access your account if you lose your phone.
+
+.codes.well
+  %ul
+    - @codes.each do |code|
+      %li
+        %span.monospace
+          = code
+
+= link_to profile_account_path, class: 'btn btn-success' do
+  I saved the codes
--- a/app/views/profiles/two_factor_auths/codes.html.haml
+++ b/app/views/profiles/two_factor_auths/codes.html.haml
+%h3.page-title Two-Factor Authentication Recovery codes
+%hr
+= render 'codes'
--- a/app/views/profiles/two_factor_auths/create.html.haml
+++ b/app/views/profiles/two_factor_auths/create.html.haml
+.alert.alert-success
+  Congratulations! You have enabled Two-Factor Authentication!
+
+= render 'codes'
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -228,7 +228,7 @@ Gitlab::Application.routes.draw do
      resource :avatar, only: [:destroy]
      resource :two_factor_auth, only: [:new, :create, :destroy] do
        member do
-          get :codes
+          post :codes
        end
      end
    end